vyos / vyos.vyos

Ansible Network Collection for VyOS
GNU General Public License v3.0

[Firewall] Manage bonding interface for Rule-Set #219

Open emferrandi opened 2 years ago

emferrandi commented 2 years ago
SUMMARY

Add interface firewalling for bonding interface

In the module, it's impossible to choose interface ethernet or interface bonding

ISSUE TYPE
COMPONENT NAME

Module : vyos.vyos.vyos_firewall_interfaces (https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_firewall_interfaces_module.rst#vyosvyosvyos_firewall_interfaces)

ADDITIONAL INFORMATION

When I run vyos.vyos, the module always runs this command:

set interfaces ethernet bond0 firewall in name test

Instead of : set interfaces bonding bond0 firewall in name test

TEST

Configuration :

bonding bond0 {
     address 192.168.0.254/24
     hash-policy layer2+3
     member {
         interface eth2
         interface eth3
     }
 }
 ethernet eth0 {
     address dhcp
 }

Yaml for test :

- name: Merge the provided configuration with the existing running configuration
  vyos.vyos.vyos_firewall_interfaces:
    config: 
    - name: bond0
      access_rules:
      - afi: ipv4
        rules:
        - name: fromINTERNET_ipv4
          direction: in
        - name: toINTERNET_ipv4
          direction: out
        - name: toLOCAL_ipv4
          direction: local    
    state: merged

sever-sever commented 2 years ago

It seems it is handled there: https://github.com/ansible-collections/vyos.vyos/blob/0a43a34d544d6f4f6055aa8a534fcf602fd235f2/plugins/module_utils/network/vyos/config/firewall_interfaces/firewall_interfaces.py#L437-L439

Possible options:

vyos@r4-epa2# set interfaces 
Possible completions:
+> bonding      Bonding Interface/Link Aggregation
+> bridge       Bridge Interface
+> dummy        Dummy Interface
+> ethernet     Ethernet Interface
+> geneve       Generic Network Virtualization Encapsulation (GENEVE) Interface
+> input        Input functional block (IFB) interface name
+> l2tpv3       Layer 2 Tunnel Protocol Version 3 (L2TPv3) Interface
+> loopback     Loopback Interface
+> macsec       MACsec Interface (802.1ae)
+> openvpn      OpenVPN Tunnel Interface
+> pppoe        Point-to-Point Protocol over Ethernet (PPPoE)
+> pseudo-ethernet
                Pseudo Ethernet
+> tunnel       Tunnel interface
+> vti          Virtual Tunnel interface
+> vxlan        Virtual Extensible LAN (VXLAN) Interface
+> wireguard    WireGuard Interface
+> wireless     Wireless (WiFi/WLAN) Network Interface
+> wwan         Wireless Modem (WWAN) Interface

mlk-89 commented 2 years ago

I wrote a PR for this issue: https://github.com/ansible-collections/vyos.vyos/pull/246
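
An added sketch of the behaviour requested in this issue; it is not the collection's code and not the change made in the linked PR. It derives the `set interfaces <type>` node from the interface name instead of hard-coding `ethernet`, and refuses names it cannot classify so a rule-set is never attached to the wrong node. The prefix table (a subset of the completion list above), the helper names and the `ipv6-name` handling are assumptions.

```python
import re

# Assumed mapping from VyOS interface-name prefixes to configuration nodes.
PREFIX_TO_TYPE = {
    "bond": "bonding",
    "br": "bridge",
    "dum": "dummy",
    "eth": "ethernet",
    "peth": "pseudo-ethernet",
    "pppoe": "pppoe",
    "tun": "tunnel",
    "vti": "vti",
    "vxlan": "vxlan",
    "wg": "wireguard",
    "wlan": "wireless",
}
DIRECTIONS = {"in", "out", "local"}
_NAME_RE = re.compile(r"^([a-z]+)\d+$")


def interface_type(name):
    """Return the config node for an interface name, or raise ValueError."""
    match = _NAME_RE.match(name)
    if not match or match.group(1) not in PREFIX_TO_TYPE:
        # Fail closed: guessing "ethernet" would target the wrong node.
        raise ValueError("unknown interface type for %r" % name)
    return PREFIX_TO_TYPE[match.group(1)]


def firewall_commands(config):
    """Build 'set' commands from a vyos_firewall_interfaces-style config list."""
    commands = []
    for iface in config:
        node = interface_type(iface["name"])
        for access in iface.get("access_rules", []):
            key = "ipv6-name" if access["afi"] == "ipv6" else "name"
            for rule in access.get("rules", []):
                if rule["direction"] not in DIRECTIONS:
                    raise ValueError("bad direction %r" % rule["direction"])
                commands.append("set interfaces %s %s firewall %s %s %s" % (
                    node, iface["name"], rule["direction"], key, rule["name"]))
    return commands


# Constructed input mirroring the playbook in the issue.
SAMPLE = [{"name": "bond0", "access_rules": [{"afi": "ipv4", "rules": [
    {"name": "fromINTERNET_ipv4", "direction": "in"},
    {"name": "toLOCAL_ipv4", "direction": "local"}]}]}]

if __name__ == "__main__":
    print("\n".join(firewall_commands(SAMPLE)))
```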